Mpaa can access popcorn time services & vpn, court rules

An interim injunction handed down by a judge in Canada has granted forensic experts under MPAA supervision access to hosting accounts and domains operated by Popcorn Time, including VPN.ht, its official VPN service.

Nevertheless, VPN.ht remains defiant, insisting that its service exists outside Canada and has not been compromised.

After weeks of rumor and sealed lips, last evening it was made official.

Movie torrent site YTS is dead, release group YIFY is no more, and the main Popcorn Time fork, PopcornTime.io, have all been shut down by the MPAA.

The operation involved legal action in two territories. In New Zealand the operator of YTS and related release group YIFY was hit by a multi-million dolalr lawsuit lodged at the High Court on October 12. Confidentiality agreements are in place so public details are scarce, but its believed that YTS has already settled with the MPAA.

In Canada, however, information is more readily available. On October 9, 2015, Paramount Pictures, Columbia Pictures, Sony Pictures, Twentieth Century Fox, Universal City Studios, Universal Network Television, Warner Bros. and Disney, filed a statement of claim in the Federal Court.

Their targets were people and companies associated with PopcornTime.io, including key developer David Lemarier and his company Wasabi Technologie plus VPN.ht Limited, the outfit behind Popcorn Time’s VPN.

The demands of the studios were broad but clear – stop infringing their rights, stop developing Popcorn Time, shut down its websites and shut down VPN.ht.

“Since April 2014, the individual Defendants David Lemarier, Robert English and Louie

Poole have been developing, operating, distributing and promoting the computer application ‘Popcorn Time’,” the studios wrote.

“In December, 2014, a paid VPN service provided by the Defendant VPN.ht Limited was integrated in Popcorn Time (PT Add-On).

The integration of the PT Add-On acts as an important enticement for users of Popcorn Time to engage in acts of copyright infringement, and is explicitly marketed as such on its website.”

The studios claim that Lemarier is the CEO of VPN.ht and Louie Poole has worked there as a software engineer “at least as early as September, 2015.” Owned by Lemarier, Wasabi Technologie is the company operating VPN.ht’s PayPal account.

“The sale of the PT Add-On service generates important monthly revenues which directly profit the Defendants David Lemarier and VPN.ht Limited, and the Defendant Louie Poole as an employee of VPN.ht Limited. All the individual Defendants as well as VPN.ht Limited derive financial benefits from their participation in Popcorn Time,” the studios add.

Just seven days later on October 16, 2015, Mr Justice Martineau in the Federal Court responded to the studios’ demands by handing down an interim injunction (pdf) against the defendants listed above.

In broad terms it restrains them from infringing the studios’ copyrights, including by continuing to develop, operate, distribute or promote Popcorn Time or “any similar software application” or website. However, it goes further – much, much further.

The injunction includes a huge list of domains and sub-domains which the studios say must be dealt with in order to “fully deactivate” Popcorn Time. PopcornTime.io. and a further 17 are said to relate to the service’s API while 39 relate to the website and four the blog. Dozens of others make up discussion forums, development platforms, mail servers, nameservers, content delivery and sundry others.

The injunction orders the defendants to hand over the login credentials “for the hosting providers and/or registrars accounts” for all of them.

They are also required to do the same for the official Popcorn Time Facebook, Twitter and Google+ accounts. This is so that computer forensics experts “acting under the supervision” of the studios can gain access to them.

Also under the microscope is VPN.ht. The injunction orders the defendants, including VPN.ht’s operators, to hand over the login credentials for “hosting providers and/or registrars” hosting the VPN.ht domains and sub-domains. They are also required to authorize computer forensics experts under the eye of the MPAA to log into VPN.ht’s infrastructure and deactivate the service.

While this development will be of concern to VPN.ht’s customers, the service itself says that there is currently nothing to worry about.

“VPN.ht is not a Canadian company, nor has any of its operations located in Canada, this means Canadian laws are not relevant in out case what so ever,” VPN.ht said in a statement.

“We understand that some of you might be worried or intimidated by the idea of the film studios, but we want to remind you that VPN.ht never logs, never shares any information with anyone else and mostly, cares about our clients and their safety.

After all this is why we started VPN.ht, to protect the vulnerable.”

The company says it operates a warrant canary to notify users in the event it has been compromised.

Currently that alone raises no alarms but it’s highly likely that user confidence will be undermined by the forceful nature of the injunction and the international reach of the MPAA.